Introduction

This is the project page for the integration of SELinux policy into RPM 4. Specifically, the project is focused on adding infrastructure to RPM to install and manage SELinux policies, and on reducing the error-prone scriptlets that have been used up to now to install policy from RPMs.

The name field is optional; if it is omitted, the basename minus the extension is used as the name. However, it is recommended that you use the name field, and it must match the name of the module specified in the policy.

Installing an RPM with a policy

Installing an RPM will also install its policy.

# rpm -i <rpm>

Verifying the policy is installed

# semodule -l | grep foo
foo 1.0.0
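
The grep above also matches any module whose name merely contains "foo". The following is an added example, not part of the original page or of RPM, that matches the module name exactly and optionally checks the version. The function names and the sample listing are constructed for illustration, and the listing is assumed to hold one module per line with an optional version column.

```shell
#!/bin/sh
# Added example: exact-name check of a `semodule -l` listing read from stdin.
# Assumption: one module per line, name first, optional version second.

# Constructed sample listing (not real output): three names that contain "foo".
sample_listing() {
    printf '%s\n' 'foobar 2.1.0' 'foo 1.0.0' 'myfoo 0.3'
}

# module_version NAME
# Prints the version of the module named exactly NAME ("-" if the listing has
# no version column). Returns 0 if the module is listed, 1 otherwise.
module_version() {
    awk -v want="$1" '
        $1 == want { print (NF >= 2 ? $2 : "-"); found = 1; exit }
        END { exit !found }
    '
}

# check_policy NAME [EXPECTED_VERSION]
# Returns 0 if installed (and the version matches when one is given),
# 1 if the module is missing, 2 on a version mismatch.
check_policy() {
    cp_name=$1
    cp_want=${2:-}
    if ! cp_ver=$(module_version "$cp_name"); then
        echo "$cp_name: policy module not installed"
        return 1
    fi
    if [ -n "$cp_want" ] && [ "$cp_ver" != "$cp_want" ]; then
        echo "$cp_name: found version $cp_ver, expected $cp_want"
        return 2
    fi
    echo "$cp_name: installed ($cp_ver)"
}

# On a real system: semodule -l | check_policy foo 1.0.0
# Demonstration on the constructed sample:
sample_listing | check_policy foo 1.0.0
```

A non-zero return after an install is the expected result when the package was installed with --nopolicy.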

Specifying policy type

If your policy only works with a specific policy type (e.g., targeted, mls, etc.), you can specify that with Types:

PolicyRequires

You can specify a dependency that is used only when policy is being installed with the PolicyRequires tag:

PolicyRequires: policycoreutils

PolicyRequires is part of the rpm preamble and has the same syntax as the Requires tag.

nopolicy and root

If you specify the --nopolicy flag when running RPM, the policy will not get installed. Additionally, if you are installing RPMs into a chroot with --root, the policies will be installed in the chroot but the policy will not be reloaded.